Package: bugzilla
Severity: normal
Tags: woody security sarge sid

A minor information leak in Bugzilla's product handling code affects Woody, Sarge and sid:
Issue 1
-------
Class: Information Leak
Versions: 2.10 through 2.18, 2.19.1, 2.19.2
Description: If a user correctly guesses the name of a product that should be invisible to them, they will be specifically informed that they do not have access to it, thus letting them know that the product exists. Also, users can enter bugs into products that are closed for bug entry, if they correctly guess the name of the product.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=287109

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages bugzilla depends on:
pn  apache | roxen2 | apache-ssl            Not found.
ii  debconf                       1.4.30.13 Debian configuration management sy
ii  exim4-daemon-light [mail-tran 4.50-4    lightweight exim MTA (v4) daemon
ii  libdbd-mysql-perl             2.9006-1  A Perl5 database interface to the
ii  libtimedate-perl              1.1600-4  Time and date functions for Perl
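The two behaviours described in the report above, modelled beside a hardened check. This is an added example, not part of the original message and not Bugzilla's own code (which is Perl); the `Product` type, the function names, the message strings and the sample catalogue are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Product:
    name: str
    visible_to: frozenset   # groups allowed to see the product
    open_for_entry: bool    # False means closed for bug entry


# Constructed sample catalogue (hypothetical product names).
PRODUCTS = {p.name: p for p in (
    Product("WebShop", frozenset({"everyone"}), True),
    Product("SecretProject", frozenset({"staff"}), True),
    Product("LegacyTool", frozenset({"everyone"}), False),
)}

GENERIC = "Either the product does not exist or you cannot access it."


def enter_bug_leaky(name, groups):
    """Model of the reported behaviour: the two refusals differ, so the
    message confirms that a hidden product exists, and the
    closed-for-entry flag is never consulted."""
    product = PRODUCTS.get(name)
    if product is None:
        return False, f"Product '{name}' does not exist."
    if not (product.visible_to & groups):
        return False, f"You do not have access to product '{name}'."
    return True, "ok"


def enter_bug_hardened(name, groups):
    """Unknown and invisible products get one identical refusal; the
    entry flag is enforced on every request, not only in the UI."""
    product = PRODUCTS.get(name)
    if product is None or not (product.visible_to & groups):
        return False, GENERIC
    if not product.open_for_entry:
        # Safe to be specific: the caller can already see this product.
        return False, f"Product '{name}' is closed for bug entry."
    return True, "ok"
```

A regression test for the fix can assert that the refusal for a hidden product is byte-for-byte identical to the refusal for a name that does not exist.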